RBS and NatWest in the UK have begun rolling out a new feature in their FREE smartphone banking app called ‘RBS / NatWest Mobile Banking’ (using a system called ‘GetCash’) that allows users to get up to £100 (minimum £10) at any one time up to their daily withdrawal limit, using a six-digit PIN code sent to the customer’s mobile.
The unique code, which is valid for three hours at a time, is then punched into the ATM using the current keypad, with users also able to use the service to send money to third-parties. See Pingit. The banking app is password protected, so make sure you use a strong password*. This type of service is also very handy if you have lost or forgotten cards (not stolen cards as the bank will stop your accounts immediately you inform them). In the event the app is compromised, the most a thief could steal is £100, but this depends on your daily withdrawal limit.
You might want to check with RBS and/or NatWest as to whether you can set a threshold on the amount you can withdrawal on an given day. You might also want to consider lowering your withdrawal threshold. This will provide you added protection in the event your mobile is ever stolen and the app is compromised.
*My concern with passwords for accessing mobile apps is that users will be tempted to store them in easy to read files and formats i.e. Memo or Task app. Users should be warned by the banks to make sure the app password is unique to only the banking app and use a mobile password manager app. Pass pattern tokenless challenge technology might be an option for developers and retail banks here.
Important note: RBS customers can use this new feature in Scotland and NatWest customers in England and Wales.
One issue I see, is having too many technology methods of drawing cash i.e. ATM withdrawals using a debit card and using an app, online banking, mobile banking, NFC payment etc means there are more opportunities to have your online environment, banking accounts and apps compromised (via PIN and/or passwords). What about the user cost? Not all these Wallet apps are free to use, and as more and more of us use these banking apps, I believe the banks will want to leverage a transaction charging mechanism to justify the costs of the back end security stack. Only when this happens will we know whether customers have bought into the Wallet revolution.
Safe surfing folks!